[security-dev] IDM Use Case : Registering OAuth2 Applications

Anil Saldhana Anil.Saldhana at redhat.com
Wed Nov 14 16:46:49 EST 2012


It has a different meaning I think. Not sure. See below.

This is how it is in layman terms:

Twitter is the OAuth2 provider.  Tweetdeck, hootsuite,twitter mobile app 
etc are registered applications at Twitter developer site.
They get a consumer key and a secret from twitter to identify them.

On thinking further, I am wondering maybe we can model this as a 
TwitterRegisteredApplicationsRealm under which we register application(s).


On 11/14/2012 03:29 PM, Shane Bryzak wrote:
> Is Application in this instance synonymous with the Application that
> we've been discussing the last couple of days?  Or does it have a
> different meaning?
>
> On 11/15/2012 06:56 AM, Anil Saldhana wrote:
>> Shane/Pedro,
>>      what do you think about this issue?  There is no real user involved.
>> It is the registration of an OAuth2 mobile/desktop
>> application at the provider.
>>
>> Regards,
>> Anil
>>
>> On 11/08/2012 08:41 AM, Anil Saldhana wrote:
>>> This use case is primarily for OAuth2 style interactions.  There is a
>>> need to register a OAuth2 application at the OAuth2 provider (such as
>>> Facebook, Twitter etc).
>>>
>>> The registration of the application is very similar to a User.
>>> https://github.com/picketlink/picketlink/blob/master/oauth/src/main/java/org/picketlink/oauth/registration/RegistrationEndpoint.java
>>>
>>> The method register()  has me using IDM User API to register a Client
>>> Application with clientname and using attributes for redirect_url and
>>> description and stuff.
>>>
>>> How do we modify the IDM API for Application registration?
>>


More information about the security-dev mailing list